lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 28 Feb 2014 14:33:40 +0100
From: Jean-Philippe Aumasson <>
Subject: Re: [PHC] "Predictable" vs "pseudorandom" KDFs

Reminds me of the discussion that lead to "password hashing schemes"
and some of its exotic proposals.

I'd rather settle for something self-contained as "cache-timing
resistant" (we could then have a debate regarding whether "resistant"
or "resilient" is the most suitable adjective; I'd go for the former).

On Fri, Feb 28, 2014 at 1:51 AM, Bill Cox <> wrote:
> On Thu, Feb 27, 2014 at 3:37 PM, Samuel Neves <> wrote:
>> On 27-02-2014 20:11, Solar Designer wrote:
>>> How about "cache timing safe" and "cache timing unsafe"?
>> That is probably the clearest and least ambiguous option. I don't like
>> "predictable" and "pseudorandom", those terms don't need more overloads.
>> For the sake of bike-shedding, I propose "silent" and "noisy".
> I had to look up bike shedding.  This is definitely a bike shedding opportunity.
> I could get behind "silent" and "noisy".  That's better than my
> original "pure" and "dirty".
> How about "stealthy" and "noisy"?  Stealthy sounds cooler.  Definitely
> a bike shed moment...
> Bill

Powered by blists - more mailing lists